Hi,

First of all, cheers for QuickCert and Eric.  I wish I could introduce 
PKI, an authentication infrastructure to Ruby world easily.

Guillaume Marcais wrote:
> The offending line does a comparison. I added display of the 2 compared 
> values:
> 
> csr.subject [["C", "US", 19], ["O", "local", 12], ["OU", "gusmac", 12]]
> @ca_config  [["C", "US"], ["O", "local"], ["OU", "gusmac"]]
> 
> 
> They look awfully similar...
> Should the test be modified to succeed in this case?

Yes.  But I recommend that you set @ca_config same as the name array of 
csr.subject, i.e. give 19 and 12s.  19 and 12 means PRINTABLESTRING and 
UTF8STRING of ASN.1 respectively.  Comparing different type of String is 
still unclear in PKI world so it might cause a problem in the future.

If you use the cert pair only for your SSL connection and don't have a 
plan to use it for another purpose, i.e. no interoperability needed with 
other PKI software, just ignore the following.

For maximum interoperability, use PRINTABLESTRING for all DN component 
if you can.  There are many PKI softwares that cannot handle UTF8String 
in the world...

@ca_config [["C", "US", OpenSSL::ASN1::PRINTABLESTRING], ...] might work 
though I haven't check QuickCert inside yet.  You must also modify 
gen_csr.rb in Ruby's distribution (does QuickCert directly includes 
it?).  Line

   name = X509::Name.parse(name_str)

must be

   name = X509::Name.new([["C", "US", OpenSSL::ASN1::PRINTABLESTRING], ...])

as the same.

Regards,
// NaHi